Network transitioning from IPv4 to IPv6 Document Happiest People . Happiest Customers Contents • Introduction.......................................................................................................................................3 • Scope • Purpose • Executive Summary • Techniques used in the transition.....................................................................................................4 • Dual Stack • Tunnelling • Static Tunnels, Point to Point Mechanisms • Automatic tunnels, Point to Multipoint Mechanisms • 6to4 Tunnels • Teredo tunnelling • ISATAP Tunnels • IPv6 translation • Benefits of IPv6 transitioning............................................................................................................6 • Which technique to choose..............................................................................................................7 • Things to consider before transition.................................................................................................7 • Offerings...........................................................................................................................................7 • Summary..........................................................................................................................................8 2 © Happiest Minds Technologies. All Rights Reserved Introduction As enterprises are moving towards IPv6 it is imaginable that the migration process will happen gradually even within a single enterprise. To facilitate this gradual migration several migration techniques have been defined. This document details about the transitioning techniques and process being followed by Happiest Minds. • Scope This document will provide guidelines for network transitioning from IPv4 to IPv6. • Purpose The purpose of this document is to provide an overview of the transitioning techniques and standards. • Executive Summary As enterprises are moving towards IPv6 it is imaginable that the migration process will happen gradually even within a single enterprise. To facilitate this gradual migration several migration techniques have been defined. The following transi- tion techniques provide a mechanism to gradually migrate from an IPv4 infrastructure to an IPv6 infrastructure: • Dual Stack - The ability to assign an IPv4 and an IPv6 address to the same network interface • Tunneling - Static and automatic tunnelling of IPv6 packets over an IPv4 infrastructure • NAT-PT - Static or Dynamic Network Address Translation - Protocol Translation IPv4 to IPv6 transition stages Access network of IPv6 compatibility Auto discovery tools software Layout preparation for IPv6 address and subnet IP Address Management Implement DHCP Considerations DNS Considerations Monitor Security Assesment Sign Off 3 © Happiest Minds Technologies. All Rights Reserved Techniques used in the transition HOW IT WORKS Transition to IPv6 IPv6 OVER IPv4 TRAFFIC ROUTER IP v4 INTERNET 6to4 RELAY IP v6 INTERNET 6to4 ROUTER LOCAL NETWORK IPv6 TRAFFIC IPv6 TRAFFIC 6to4 HOST Dual Stack Dual stack is the core technique which the other transition techniques are builds upon. As stated earlier Dual Stack is the technique to allow an IPv4 and IPv6 address to be defined on the same network interface. Tunnelling Static Tunnels, Point to Point Mechanisms The advantage of doing static tunnels is that dynamic routing protocols can be run over the tunnel. There are 2 variants involved here for static tunnels; • GRE - Default tunnel mode • IPv6IP - Less overhead, no CLNS (IS-IS) transport Configuring static tunnels is a pretty straight forward process and the difference between configuring a GRE or a IPv6 IP tunnel is marginal. (config) ipv6 unicast-routing (config) interface INTERFACE-ID (config-if) ipv6 address ADDRRESS 4 © Happiest Minds Technologies. All Rights Reserved Next (config) interface tunnel NUMBER (config-if) tunnel source INTERFACE/IPv4-ADDRESS (config-if) tunnel destination IPv4-ADDRESS (config-if) ipv6 address IPv6-ADDRESS (config-if) tunnel mode ipv6ip <-- tunnel IPv6 over IPv4. GRE tunnel mode is the default Automatic tunnels, Point to Multipoint Mechanisms • 6to4 site to site tunnel • ISATAP host to host & host to router tunnel protocol (Within a Site) The advantage of automatic tunneling is that only one tunnel is needed (together with BGP or static routing) in order to establish a full mesh of connectivity. IPv6 prefix 2002: is reserved for the use of automatic tunneling. The IPv4 tunnel address is converted to Hex and pre-ended with 2002:. For instance with a tunnel IPv4 address of 1.1.1.1 the correspond- ing IPv6 subnet is 2002:0101:0101::/48. 6to4 Tunnels The configuration of a 6to4 tunnel is needed when one IPv6 site has to be connected with another IPv6 site through an IPv4 infrastructure. The principle is simple as the mechanism to use is to create a tunnel interface. The core part is to calculate the two 48 bit IPv6 subnets to be used between the two sites. As we saw earlier these subnets are calculated from the IPv4 IP address on both site of the point to point link. After these 2 subnets have been calculated on the sites, a static route to the remote 48 bit subnet pointing to the remote site’s 2002:: address is all what is needed to connect these two IPv6 sites together. At each site the 48 bit subnet can be divided into several 64 bi t prefixes for a hierarchical addressing scheme . (config) ipv6 unicast-routing (config) interface INTERFACE-ID (config-if) ipv6 address ADDRRESS (config) interface tunnel NUMBER (config-if) tunnel source INTERFACE/IPv4-ADDRESS <-- no tunnel destination, we are multipoint (config-if) ipv6 address 2002::[EXAMPLE] (config-if) tunnel mode ipv6ip 6to4 As stated earlier a static route must be configured to the next-hop address to each endpoint. Static routes can be omitted by using (e)BGP to peer using the 6to4 addresses between the two endpoints. By redistributing on each site the IPv6 IGP routes into BGP full IPv6 connectivity can be obtained between the sites. Teredo tunnelling Instead of using routers to tunnel packets, Teredo tunneling has the hosts perform the tunneling. This requires the hosts to be configured with double stacks. It is mostly put to use to move about packets through an IPv4 address translation device. ISATAP Tunnels ISATAP tunnels are needed when point to multipoint connections must be made within one site. What ISATAP does is use an improvised EUI-64 mechanism, resulting in the link-local address (FE80:) to be taken into account. So ISATAP is used to connect two dispersed IPv6 islands in a single site. As the whole mechanism is based on the tunnel, this concept is not the hardest to understand. The important difference here is in how the IPv6 endpoints addresses are calculated. The rest of the concept remains the same as with the 6to4 tunneling mechanism. As the ISATAP host prefix is calculated automati- cally the configuration is even more straightforward than the 6to4 method. 5 © Happiest Minds Technologies. All Rights Reserved (config) ipv6 unicast-routing (config) interface INTERFACE-ID (config-if) ipv6 address ADDRRESS (config) interface tunnel NUMBER (config-if) tunnel source INTERFACE/IPv4-ADDRESS <-- no tunnel destination, we are multipoint (config-if) ipv6 address 100:100::/64 eui-64 (config-if) tunnel mode ipv6ip isatap The modified EUI-64 mechanism calculates the host prefix/identifier as follows; the first 32 bits are always 0000:5EFE and the last32 bits are the IPv4 address in Hex. The first 64 bit network prefix can be anything and is not bound to any rules. With ISATAP the same routing considerations applies as for the 4to6 mechanism and will not be repeated here. IPv6 translation IPv6 translation schemes implement some form of packet-header translations between the IPv6 and IPv4 addresses. The goal is to translate packets with IPv6 addresses to those with IPv4 addresses, so that IPv6-only hosts can talk to the IPv4- only Internet. This may sound not very complex but in some cases it can be. For example, some server load balancers (SLBs) are capable of load balancing and translating packets with IPv6 addresses to IPv4 packets. This competency may turn out to be advantageous in data center deployments in that the existing IPv4 infrastructure can remain unchanged, and only the SLB requires modification. This kind of technique requires other mechanisms (such as tunneling or dual-stack techniques) to get the IPv6 packets to the SLB. However, as a means for accessing the IPv4 Internet, the translation tech- nique can actually be quite complex. Originally, NAT-Protocol Translation (NAT-PT: RFC 2766) was proposed for this cause, but it has consequently been considered non-practical to deploy (due to the need for application layer gateways ALGs), the management of IPv6 Domain Name System (DNS) requests, and the need for session initiation ordering for connection state establishment). In addition, IPv6 translation approaches break the Internet end-to-end connectivity model (a common trait of all NAT implementations), and cannot handle fragmentation in the core. Benefits of IPv6 transitioning More Efficient Routing: IPv6 reduces the size of routing Directed Data Flows: IPv6 supports multicast more than tables and makes routing more efficient. IPv6 lets ISPs broadcast. Multicast lets bandwidth-intensive flows (like aggregate the prefixes of their customers' networks into a multimedia streams) to be sent across to multiple destina- single prefix and announce this one prefix to the IPv6 tions simultaneously,